[2/5] CMS Faethon “what” Cross-Site Scripting Vulnerability

May 8th, 2008 by

[2/5] CMS Faethon “what” Cross-Site Scripting Vulnerability

:RoMaNcYxHaCkEr has discovered a vulnerability in CMS Faethon, which can be exploited by malicious people to conduct cross-site scripting attacks.Input passed to the "what" parameter in search.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.The vulnerability is confirmed in version 2.2 Ultimate. Other versions may also be affected.Solution:Edit the source code to ensure that input is properly sanitised.Provided and/or discovered by:RoMaNcYxHaCkErOriginal Advisory:http://milw0rm.com/exploits/5558

Original post by Pankaj

[2/5] CMS Faethon “what” Cross-Site Scripting Vulnerability

Related Articles:

[4/5] Dokeos Code Execution and Cross-Site Scripting

[2/5] Hal Networks Products Cross-Site Scripting Vulnerabilities

[2/5] CiscoWorks Common Services Cross-Site Scripting Vulnerability

[2/5] PerlMailer Cross-Site Scripting Vulnerability

[2/5] Uniwin eCart Professional “rp” Cross-Site Scripting Vulnerability

Posted in Advisories - Exploits | | [2/5] CMS Faethon “what” Cross-Site Scripting Vulnerability

<< [2/5] HP-UX LDAP-UX Privilege Escalation Vulnerability | [3/5] Musicbox “artistId” SQL Injection Vulnerability >>

Cybertrion Systems

[2/5] CMS Faethon “what” Cross-Site Scripting Vulnerability

Categories

Archives:

Search:

Meta: